Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc8f5f30 by security tracker role at 2025-10-14T08:12:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2025-9713 (Path traversal in Ivanti Endpoint Manager allows a remote 
unauthentica ...)
+       TODO: check
+CVE-2025-8594 (The Pz-LinkCard WordPress plugin before 2.5.7 does not validate 
a para ...)
+       TODO: check
+CVE-2025-62392 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
+       TODO: check
+CVE-2025-62391 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
+       TODO: check
+CVE-2025-62390 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
+       TODO: check
+CVE-2025-62389 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
+       TODO: check
+CVE-2025-62388 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
+       TODO: check
+CVE-2025-62387 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
+       TODO: check
+CVE-2025-62386 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
+       TODO: check
+CVE-2025-62385 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
+       TODO: check
+CVE-2025-62384 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
+       TODO: check
+CVE-2025-62383 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
+       TODO: check
+CVE-2025-62365 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network 
monitoring sy ...)
+       TODO: check
+CVE-2025-62364 (text-generation-webui is an open-source web interface for 
running Larg ...)
+       TODO: check
+CVE-2025-62363 (yt-grabber-tui is a terminal user interface application for 
downloadin ...)
+       TODO: check
+CVE-2025-62362 (gpp-burgerportaal is a Dutch government citizen portal 
application. In ...)
+       TODO: check
+CVE-2025-62361 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
+       TODO: check
+CVE-2025-62360 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
+       TODO: check
+CVE-2025-62359 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
+       TODO: check
+CVE-2025-62358 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
+       TODO: check
+CVE-2025-62252 (Insecure Direct Object Reference (IDOR) vulnerability in 
Liferay Porta ...)
+       TODO: check
+CVE-2025-62251 (Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 
2023.Q3.1 thro ...)
+       TODO: check
+CVE-2025-62246 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
Liferay  ...)
+       TODO: check
+CVE-2025-62179 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
+       TODO: check
+CVE-2025-62178 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
+       TODO: check
+CVE-2025-62177 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
+       TODO: check
+CVE-2025-62176 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2025-62175 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2025-62174 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2025-61688 (Omni manages Kubernetes on bare metal, virtual machines, or in 
a cloud ...)
+       TODO: check
+CVE-2025-59889 (Improper authentication of library files in the Eaton IPP 
software ins ...)
+       TODO: check
+CVE-2025-59836 (Omni manages Kubernetes on bare metal, virtual machines, or in 
a cloud ...)
+       TODO: check
+CVE-2025-55078 (In Eclipse ThreadX before version 6.4.3, an attacker can cause 
a denia ...)
+       TODO: check
+CVE-2025-42939 (SAP S/4HANA (Manage Processing Rules - For Bank Statements) 
allows an  ...)
+       TODO: check
+CVE-2025-42937 (SAP Print Service (SAPSprint) performs insufficient validation 
of path ...)
+       TODO: check
+CVE-2025-42910 (Due to missing verification of file type or content, SAP 
Supplier Rela ...)
+       TODO: check
+CVE-2025-42909 (SAP Cloud Appliance Library Appliances allows an attacker with 
high pr ...)
+       TODO: check
+CVE-2025-42908 (Due to a Cross-Site Request Forgery (CSRF) vulnerability in 
SAP NetWea ...)
+       TODO: check
+CVE-2025-42906 (SAP Commerce Cloud contains a path traversal vulnerability 
that may al ...)
+       TODO: check
+CVE-2025-42903 (A vulnerability in SAP Financial Service Claims Management RFC 
functio ...)
+       TODO: check
+CVE-2025-42902 (Due to the memory corruption vulnerability in SAP NetWeaver AS 
ABAP an ...)
+       TODO: check
+CVE-2025-42901 (SAP Application Server for ABAP allows an authenticated 
attacker to st ...)
+       TODO: check
+CVE-2025-11731 (A flaw was found in the exsltFuncResultComp() function of 
libxslt, whi ...)
+       TODO: check
+CVE-2025-11623 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
+       TODO: check
+CVE-2025-11622 (Insecure deserialization in Ivanti Endpoint Manager allows a 
local aut ...)
+       TODO: check
+CVE-2025-10732 (The SureForms \u2013 Drag and Drop Form Builder for WordPress 
plugin f ...)
+       TODO: check
+CVE-2025-10357 (The Simple SEO WordPress plugin before 2.0.32 does not 
sanitise and es ...)
+       TODO: check
+CVE-2024-6211
+       REJECTED
 CVE-2025-9968 (A link following vulnerability exists in the UnifyScanner 
component of ...)
        NOT-FOR-US: ASUS
 CVE-2025-9902 (Authorization Bypass Through User-Controlled Key vulnerability 
in AKIN ...)
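
Review bot: of the new "TODO: check" entries in this hunk, CVE-2025-11731 (the exsltFuncResultComp() flaw in libxslt) deserves triage ahead of the rest, because libxslt is a library Debian ships; its TODO should be replaced with a package line rather than left queued with the bulk additions. The Ivanti Endpoint Manager, SAP and WordPress plugin entries look like NOT-FOR-US candidates, in line with the "NOT-FOR-US: ASUS" context entry that follows. Separately, the CVE-2025-10732 description carries a literal "\u2013" escape instead of the dash character; it is harmless in a synced description but shows the text is not being decoded on import.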
@@ -8163,12 +8259,12 @@ CVE-2025-59800 (In Artifex Ghostscript through 10.05.1, 
ocr_begin_page in device
        NOTE: 
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=176cf0188a2294bc307b8caec876f39412e58350
 (ghostpdl-10.06.0rc1)
        NOTE: Ghostscript in Debian not compiled with Tesseract support
 CVE-2025-59799 (Artifex Ghostscript through 10.05.1 has a stack-based buffer 
overflow  ...)
-       {DSA-6024-1}
+       {DSA-6024-1 DLA-4330-1}
        - ghostscript 10.06.0~dfsg-1 (bug #1116443)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708517
        NOTE: 
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=6dab38fb211f15226c242ab7a83fa53e4b0ff781
 (ghostpdl-10.06.0rc1)
 CVE-2025-59798 (Artifex Ghostscript through 10.05.1 has a stack-based buffer 
overflow  ...)
-       {DSA-6024-1}
+       {DSA-6024-1 DLA-4330-1}
        - ghostscript 10.06.0~dfsg-1 (bug #1116444)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708539
        NOTE: 
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=0cae41b23a9669e801211dd4cf97b6dadd6dbdd7
 (ghostpdl-10.06.0rc1)
@@ -30962,7 +31058,7 @@ CVE-2025-7464 (A vulnerability classified as 
problematic has been found in osrg
 CVE-2025-7463 (A vulnerability was found in Tenda FH1201 1.2.0.14. It has been 
declar ...)
        NOT-FOR-US: Tenda
 CVE-2025-7462 (A vulnerability was found in Artifex GhostPDL up to 
3989415a5b8e99b9d1 ...)
-       {DSA-6024-1}
+       {DSA-6024-1 DLA-4330-1}
        - ghostscript 10.05.1~dfsg-2 (bug #1109270)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708606
        NOTE: 
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=619a106ba4c4abed95110f84d5efcd7aee38c7cb
@@ -733430,7 +733526,7 @@ CVE-2014-2375 (Ecava IntegraXor SCADA Server Stable 
4.1.4360 and earlier and Bet
        NOT-FOR-US: Ecava IntegraXor SCADA Server
 CVE-2014-2374 (The AXN-NET Ethernet module accessory 3.04 for the Accuenergy 
Acuvim I ...)
        NOT-FOR-US: Accuenergy
-CVE-2014-2373 (The web server on the AXN-NET Ethernet module accessory 3.04 
for the A ...)
+CVE-2014-2373 (The AXN-NET Ethernet module accessory 3.04 for the Accuenergy 
Acuvim I ...)
        NOT-FOR-US: Accuenergy
 CVE-2014-2372
        RESERVED
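
Review bot: after this description change the CVE-2014-2373 line reads the same as the CVE-2014-2374 line directly above it ("The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim I ..."), so the two entries can no longer be told apart from the truncated text in the list. The "NOT-FOR-US: Accuenergy" status is unchanged and still fits, but it is worth confirming against the upstream CVE record that the new description is the intended one and not a copy of its neighbour's.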



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc8f5f300446281cb8a352ad1b518f1bb158cfe5
